Docker Apps

From Univention Wiki

Starting with UCS 4.1 the Univention App Center supports Docker. Docker is an OS level virtualization
software that helps deploying Apps in isolated containers. A Docker App is an App in the Univention App
Center that is based on a Docker image, be it a stand-alone image provided by the App Provider or an image
supported directly by Univention and "enriched" by the App Provider. App Providers are encouraged to use
Docker Apps instead of Non-Docker Apps where possible as development focus of the App Center will be
on the Docker integration.

Why Docker?

Prior to UCS 4.1, Apps in the Univention App Center were installed next to all other system packages. This
made the development of enterprise applications for UCS fairly easy but had some shortcomings:

All Apps had to be in the Debian package format. While Debian provides excellent tools to build software for it, this still was a considerable amount of effort if the App was not already packaged for Debian.

Some Apps required newer versions of certain packages like PHP. This had impact on the stability of the operating system and also led to (not obvious) conflicts between Apps.

With a growing number of Apps in the App Center catalog it got harder for Univention to verify that the App did not break anything by enabling/disabling features of certain software components. With the Debian Maintainer scripts, App vendors effectively had root access on the system.

Whenever a new UCS release was based on a new Debian release, it became extremely difficult to provide all Apps (tested and verified) for this release on day 1. Nearly each App had to be updated and tested by the App Provider during the development phase of UCS.

By supporting Docker, we aim to overcome those points while preserving the simplicity of developing an App.

Two kinds of Docker Apps

If you have already worked with Docker, you may know that Docker is sometimes advertised as a way to
encapsulate each and every task into its own container, sometimes referred to as Micro services. In the Univention App Center we currently focus on two different routes:

The App is based on a minimal, yet fully functional UCS image. This image is built by Univention, the App itself is installed and started in the container. This is basically the way it was before the Docker integration in the App Center: Apps consist of Debian packages and are installed on a UCS. But now they are encapsulated by Docker in their UCS based container; think of the container as a low cost virtual machine.

The App is based on its own image. No further packages are installed, the container is fully functional when started and the App is already installed and running inside.

If an App simply does not work properly inside a container with restricted access to the rest of the system, this might be a good reason why it should be a Non-Docker App. The App Center supports Non-Docker Apps, but they should be avoided where possible. If you feel your App needs to be a Non-Docker App, talk to us. Maybe we find a workaround or even extend the App Center. But maybe a Non-Docker App is okay.